Skip to content

Commit

Permalink
don't substitute binaries
Browse files Browse the repository at this point in the history
  • Loading branch information
@edwtjo @mergify
edwtjo authored and mergify[bot] committed Oct 14, 2023
1 parent f995ea1 commit 7711514
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions modules/sops/templates/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,11 +90,12 @@ in {
tpl = config.sops.templates.${name};
substitute = pkgs.writers.writePython3 "substitute" { }
(readFile ./subs.py);
subst-pairs = pkgs.writeText "pairs" (concatMapStringsSep "\n"
subst-pairs = pkgs.writeText "pairs" (flip (concatMapStringsSep "\n")
(attrNames (filterAttrs (n: v: v ? format && v.format != "binary") config.sops.secrets))
(name:
"${toString config.sops.placeholder.${name}} ${
config.sops.secrets.${name}.path
}") (attrNames config.sops.secrets));
}"));
in ''
mkdir -p "${dirOf tpl.path}"
(umask 077; ${substitute} ${tpl.file} ${subst-pairs} > ${tpl.path})
Expand Down

1 comment on commit 7711514

@wmertens
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@edwtjo this is problematic for me, I encode all my secrets as binaries

Please sign in to comment.